42Crunch Platform release, March 20, 2020
This 42Crunch Platform release brings support for OAuth2 authentication and better error handling in API Conformance Scan, as well as some smaller improvements.
In addition, we have released an extension for integrating API Security Audit with CI/CD in Azure Pipelines.
New features
The following are the new features and improvements to the existing ones in this release.
OAuth2 authentication in Conformance Scan
You can now configure Conformance Scan to authenticate to your API using OAuth2 access tokens.
In the scan configuration wizard, you configure OAuth2 authentication like bearer token authentication. This means that you must first manually obtain a token that the scan can use to authenticate to your API, and then enter the token value in the wizard.
For more details, see API Conformance Scan.
Improved error handling in Conformance Scan
We have improved how Conformance Scan handles errors, so that a scan no longer fails because of too many errors. Now, even if the scan could not scan any of the operations in your API and had to skip them all, you still get a scan report so that you can check what the problems are.
For more details, see Scan report.
Azure Pipelines integration for Security Audit
You can now automate Security Audit of your OpenAPI definitions directly in your CI/CD in Azure Pipelines. REST API Static Security Testing provides a custom build task you can add to your pipeline and configure as needed.
For more details, see CI/CD integrations.
Safeguards against losing all organization administrators
To prevent an organization from losing all of their organization administrators, we have introduced restrictions for user management.
Organization administrators cannot lock or delete their own accounts, nor can they revoke their own administrator rights. They can, however, continue to manage other accounts in their organization normally, including other organization administrators. This ensures that each organization always has at least one organization administrator.
For more details, see Organization administrators.
Other improvements
- For easy reference, you can now see which organization your account belongs to as well as who owns your organization. For example, if you have self-registered to the platform, your account belongs to the community organization that is owned by 42Crunch.
- The article for the issue "Schema allows additional properties" has been improved.
Compatibility
This release is compatible with the following API Firewall images:
42crunch/apifirewall:v0.16.3
All previous image versions have been deprecated and are not compatible with this version of the platform.
When you switch the version of the API Firewall image, you must reconfigure any existing protection configurations so that they work with the new version. For more details, see Reconfigure API Protection.